
Latest papers: 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement

Towards a Reliable Spam-Proof Tagging System
Ennan Zhai, Liping Ding, S. Qing
Tagging systems are particularly vulnerable to tag spam. Although some previous efforts aim to address this problem with detection-based or demotion-based approaches, tricky attacks launched by attackers who can exploit vulnerabilities of spam-resistant mechanisms are still able to invalidate those efforts. Therefore, it is challenging to resist tricky spam attacks in tagging systems. This paper proposes a novel spam-proof tagging system, which can provide high-quality tag search results even under tricky attacks, based on four key insights: a demotion-based strategy, reputation, altruistic users and social networking. Specifically, our system upgrades/degrades the ranks of correct/incorrect content items in search results by introducing personalized user reliability degrees and responsible users, thus preventing clients from picking unwanted content. Experimental results illustrated that our system could effectively defend against tricky tag spam attacks and work better than current prevalent tag search models.
DOI: 10.1109/SSIRI.2011.30 (https://doi.org/10.1109/SSIRI.2011.30) | Published: 2011-06-27 | Semantic Scholar paper id: 131774667
Citations: 6
Evaluation of Experiences from Applying the PREDIQT Method in an Industrial Case Study
Aida Omerovic, Bjørnar Solhaug, K. Stølen
We have developed a method called PREDIQT for model-based prediction of the impacts of architectural design changes on system quality. A recent case study indicated the feasibility of the PREDIQT method when applied to a real-life industrial system. This paper reports on the experiences from applying the PREDIQT method in a second, more recent case study, on an industrial ICT system from another domain and with a number of different system characteristics compared with the previous case study. The analysis is performed in a fully realistic setting. The system analyzed is a critical and complex expert system used for the management and support of numerous working processes. The system is subject to frequent changes of varying type and extent. The objective of the case study has been to perform an additional and more structured evaluation of the PREDIQT method and to assess its performance with respect to a set of success criteria. The evaluation argues for the feasibility and usefulness of the PREDIQT-based analysis. Moreover, the study has provided useful insights into the weaknesses of the method and suggested directions for future research and improvements.
DOI: 10.1109/SSIRI.2011.20 (https://doi.org/10.1109/SSIRI.2011.20) | Published: 2011-06-27 | Semantic Scholar paper id: 115362676
Citations: 3
Trust Observations in Validation Exercises
F. Amato, M. Felici, Paola Lanzi, Giulia Lotti, L. Save, A. Tedeschi
This paper is concerned with an operational account of trust. It reports our experience in observing different trust aspects during a validation session for the assessment of a new tool and relevant operational concepts in the Air Traffic Management (ATM) domain. Although trust is still an elusive concept, our results show how monitoring trust can support the validation of alternative system settings and their operational aspects. This paper reports our experimental work on observing trust during validation exercises. Moreover, it provides new insights into the nature and the investigation of trust.
DOI: 10.1109/SSIRI.2011.26 (https://doi.org/10.1109/SSIRI.2011.26) | Published: 2011-06-27 | Semantic Scholar paper id: 126480686
Citations: 6
Component-Based Malicious Software Engineer Intrusion Detection
M. Shin, Snehadeep Sethia, N. Patel
These days, security-sensitive business application systems are developed and maintained by more than one software engineer, some of whom may be unethical or malicious. Unethical software engineers can insert malicious code into the systems or maliciously change the existing code in the systems to gain personal benefits. As a result, the security of the business application systems can be compromised. This paper describes an approach to detecting malicious code created by malicious software engineers in components. This paper is an extension of our previous work on detecting malicious code that attacks security-sensitive information within a component. In particular, this paper focuses on detecting malicious code in a component that intrudes on security-sensitive information in different components of an application. For this, one or more application system monitors are designed to detect intrusion between components using the business process encapsulated in the monitors. The proposed approach is applied to an ATM system and a B2B electronic commerce system to evaluate its performance.
DOI: 10.1109/SSIRI.2011.33 (https://doi.org/10.1109/SSIRI.2011.33) | Published: 2011-06-27 | Semantic Scholar paper id: 121214927
Citations: 2
On Testing Effectiveness of Metamorphic Relations: A Case Study
M. Asrafi, Huai Liu, Fei-Ching Kuo
One fundamental challenge for software testing is the oracle problem, which means that either there does not exist a mechanism (called an oracle) to verify the test output for any possible program input, or it is very expensive, if not impossible, to apply the oracle. Metamorphic testing is an innovative approach to the oracle problem. In metamorphic testing, metamorphic relations are derived from the innate characteristics of the software under test. These relations can help to generate test data and verify the correctness of the test result without the need for an oracle. The effectiveness of metamorphic relations can play a significant role in the testing process. It has been argued that the metamorphic relations that cause different software execution behaviors should have high fault detection ability. In this paper, we conduct a case study to analyze the relationship between the execution behavior and the fault-detection effectiveness of metamorphic relations. Some code coverage criteria are used to reflect the execution behavior. It is shown that there is a certain degree of correlation between the code coverage achieved by a metamorphic relation and its fault-detection effectiveness.
DOI: 10.1109/SSIRI.2011.21 (https://doi.org/10.1109/SSIRI.2011.21) | Published: 2011-06-27 | Semantic Scholar paper id: 131556670
Citations: 30
An Organization-Driven Approach for Enterprise Security Development and Management
Lirong Dai, Yan Bai
Enterprise security is a complex problem. Pure technology-driven development methods are not sufficient to solve a broad range of enterprise security issues. This paper analyzes the complexity of enterprise security and proposes an organization-driven approach to the problem. The approach combines a set of Unified Modeling Language-based approaches to bridge the gap between enterprise security architecture models and security application development models. It allows an enterprise to coordinate security resources from an enterprise point of view, and to develop security applications systematically and efficiently. A comprehensive case study is conducted to illustrate the approach. The study shows that, through the refinement of enterprise security goals, both software goals and software requirements for a security application can be obtained. In particular, a security application is built to support the specification and automated verification of separation-of-duty access policies using the Object Constraint Language and the formal method Alloy.
DOI: 10.1109/SSIRI.2011.25 (https://doi.org/10.1109/SSIRI.2011.25) | Published: 2011-06-27 | Semantic Scholar paper id: 134226044
Citations: 2
RELEASE: Generating Exploits Using Loop-Aware Concolic Execution
Bing-Han Li, S. Shieh
Automatically finding vulnerabilities and even generating exploits are desirable for software testing. For the protection of intellectual property and copyright, programs being tested may lack source code and symbol table information. Concolic execution is a novel technique which takes advantage of the rapid execution speed of concrete execution and the wide testing coverage of symbolic execution to discover and identify software bugs, including vulnerabilities. However, a serious limitation of concolic execution, inherited from symbolic execution, is its poor analysis results with loops, a common programming construct. For instance, when the number of iterations depends on the inputs, the analysis cannot determine the possible execution paths of the program. In this paper, we propose a new concolic execution technique, loop-aware concolic execution, for testing software and analyzing loop-related variables with fewer execution steps. With the novel technique, not only linear relations but also some polynomial recurrence relations in a loop can be handled. To demonstrate the effectiveness of the novel technique, we developed a concolic analyzer, called RELEASE, to discover buffer-overflow vulnerabilities in the testing benchmarks.
DOI: 10.1109/SSIRI.2011.31 (https://doi.org/10.1109/SSIRI.2011.31) | Published: 2011-06-27 | Semantic Scholar paper id: 121211386
Citations: 4
Model-Driven Monitoring of Time-Critical Systems Based on Aspect-Oriented Programming
Ki-Seong Lee, Chan-Gun Lee
Temporal correctness is one of the most important requirements for time-critical systems. Although time-critical systems are designed to meet their timing constraints, there can still be errors at run time, especially with respect to timing constraints, due to various reasons. Typically, time-critical systems are shipped with run-time monitors to check their temporal requirements. Hence, run-time monitors are essential to time-critical services. In this paper, we propose a model-driven monitor based on AOP for time-critical systems. The monitor is modeled using xUML at design time, and its timing constraints are specified by RTL-like expressions. The designed monitor model is transformed into code automatically by our proposed tool chain. We validate the effectiveness of our approach by presenting a case study and analyzing the implemented system.
DOI: 10.1109/SSIRI.2011.15 (https://doi.org/10.1109/SSIRI.2011.15) | Published: 2011-06-27 | Semantic Scholar paper id: 132376103
Citations: 3
Runtime Verification of Domain-Specific Models of Physical Characteristics in Control Software
A. D. Roo, Hasan Sözer, M. Aksit
The control logic of embedded systems is nowadays largely implemented in software. Such control software implements, among other things, models of physical characteristics, like heat exchange among system components. Due to the evolution of system properties and increasing complexity, faults can be left undetected in these models. Therefore, their accuracy must be verified at runtime. Traditional runtime verification techniques that are based on states and/or events in software execution are inadequate in this case. The behavior suggested by models of physical characteristics cannot be mapped to behavioral properties of software. Moreover, implementation in a general-purpose programming language makes these models hard to locate and verify. This paper presents a novel approach to explicitly specify models of physical characteristics using a domain-specific language, to define monitors for inconsistencies by detecting and exploiting redundancy in these models, and to realize these monitors using an aspect-oriented approach. The approach is applied to two industrial case studies.
DOI: 10.1109/SSIRI.2011.14 (https://doi.org/10.1109/SSIRI.2011.14) | Published: 2011-06-27 | Semantic Scholar paper id: 121435341
Citations: 6
Using Partial Ordered Numbers to Control Information Flows
S. Chou
Information flow control models can be applied widely. This paper discusses only the models that prevent information leakage during program execution. In the prevention, an information flow control model dynamically monitors statements that will cause information flows and bans statements that may cause leakage. We have been involved in information flow control research for years and have identified that sensitive information may be leaked only when it is output. However, most existing models ignore information flows induced by output statements. We thus designed a new model that especially emphasizes the monitoring of output statements. We also designed the model to be precise and to have low runtime overhead. Our experiments show that the model bans every non-secure information flow and substantially reduces runtime overhead compared with our previous work.
DOI: 10.1109/SSIRI.2011.27 (https://doi.org/10.1109/SSIRI.2011.27) | Published: 2011-06-27 | Semantic Scholar paper id: 116195230
Citations: 0
Copyright © 2023 Book学术 All rights reserved.